Digital signature methods are commonly used when computing devices are programmed for the first time or reprogrammed later. A digital signature is a mathematical construct for demonstrating the authenticity of a digital message or document; it gives a recipient reason to believe that the message was created by a known sender and that the message was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and other cases where it is important to detect forgery or tampering.
Digital signatures employ a type of asymmetric cryptography and are equivalent to traditional handwritten signatures in many respects. However, properly implemented digital signatures are more difficult to forge than the handwritten type. Digitally signed messages may be anything representable as a bitstring such as electronic mail, computer programs, certificates, data, contracts, or a message sent via some other cryptographic protocol.
In brief, a computing device to be loaded with software typically includes a root public key that is previously installed or embedded in its memory. Any new software to be loaded has a certificate embedded therein that has been signed by the corresponding root private key, or by a derivative thereof, residing at a trusted entity. Herein, the derivative of the root (public, private) key pair is a subordinate key pair: a subordinate private key that signs, and a subordinate public key that is distributed in a certificate.
The subordinate private key, also known as a second level private key, is used when the access to the root private key is to be minimized. The subordinate public key, also known as a second level public key, is contained in a certificate signed by the root private key and the certificate itself is delivered with the file content. The second level private key is then used to sign the file content being transferred and uploaded to the computing device.
When uploading new software files into a computing device, the embedded root public key is used to validate (or certify) that the digital certificate traveling with the software file(s) is genuine. The new software file(s) are commonly created at a remote programming tool or other type of programming apparatus. Programming tools are well known in the art and will not be discussed herein in the interest of simplicity and brevity.
The software is uploaded into the computing device using a boot loader, an elementary software object that usually exists in the operating system kernel and performs the task of uploading and installing software into the memory of the computing device. Boot loaders are well known in the art and will not be discussed in further detail in the interest of simplicity and brevity.
Once the digitally certified file(s) are received at the computing device, the digital certificate containing the second level public key is validated by the embedded root public key. Certificate signature validation is well known in the art and will not be discussed in further detail in the interest of simplicity and brevity; it is referred to herein as “validation.”
Once the digital certificate is validated, the second level public key in the digital certificate is then in turn used to validate the digital signature on the associated application software or data file. Hereinafter, the application software, data file, calibration packages, data package or “data” for system operation to be loaded into the ECU may also be referred to as the “soft part” of the file structure being loaded. The “soft part” does not refer to certificates, keys or other digital objects used for security purposes.
Conventionally, should multiple software applications, calibration packages or data files need to be loaded, the same certificate is usually attached to every data file in the soft part and transmitted repeatedly from the programming tool to the processor of the computing device. Such retransmission of the second level key certificate for every data file in the soft part requires consumption of excessive bandwidth on an already limited capacity data bus and requires unnecessary processing time for the actual re-validation by the processor. Thus, it is desirable to develop innovative methods of programming a computing device to minimize bandwidth and processor overhead used to validate a software upload.
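The two-level chain described above (root public key validates the certificate, the second level public key in that certificate validates each soft-part file), as an added illustration that is not part of this document or any particular programming tool. Ed25519 as the signature scheme, the `CERT:`/`FILE:` domain prefixes and the session cache that lets the tool omit the certificate after the first file are assumptions of this example, chosen to show how the repeated re-validation noted above can be avoided.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

// Certificate travels with the soft part: the second level public key, signed by the root private key.
type Certificate struct{ SubKey ed25519.PublicKey; RootSig []byte }

// SignedFile is one soft-part file together with its signature by the second level private key.
type SignedFile struct{ Content, Sig []byte }

// tagged prefixes a domain label (assumed here) so a certificate signature can never pass as a file signature.
func tagged(tag string, data []byte) []byte { return append([]byte(tag), data...) }
// MakeCertificate is the trusted entity's step: the root private key signs the second level public key.
func MakeCertificate(rootPriv ed25519.PrivateKey, subPub ed25519.PublicKey) Certificate {
	return Certificate{SubKey: subPub, RootSig: ed25519.Sign(rootPriv, tagged("CERT:", subPub))}
}

// SignFile is the programming tool's step: the second level private key signs one soft-part file.
func SignFile(subPriv ed25519.PrivateKey, content []byte) SignedFile {
	return SignedFile{Content: content, Sig: ed25519.Sign(subPriv, tagged("FILE:", content))}
}

// Bootloader models the computing device; only the root public key is embedded at manufacture.
type Bootloader struct {
	RootPub         ed25519.PublicKey
	subKey          ed25519.PublicKey // second level key, set once a certificate has been validated
	CertValidations int               // root key verifications performed this session
}

// Load accepts one soft-part file; cert is nil when the tool omits the certificate for a later file.
func (b *Bootloader) Load(cert *Certificate, f SignedFile) error {
	if cert != nil {
		// Length check first: ed25519.Verify panics on a malformed public key, and an ECU must not crash.
		if len(cert.SubKey) != ed25519.PublicKeySize ||
			!ed25519.Verify(b.RootPub, tagged("CERT:", cert.SubKey), cert.RootSig) {
			return errors.New("certificate rejected by the embedded root public key")
		}
		b.subKey, b.CertValidations = cert.SubKey, b.CertValidations+1
	}
	if b.subKey == nil {
		return errors.New("certificate required: no second level key validated yet")
	}
	if !ed25519.Verify(b.subKey, tagged("FILE:", f.Content), f.Sig) {
		return errors.New("soft part signature does not verify")
	}
	return nil
}
```

With several files in one session the root key is exercised once and every file is still checked against the second level key, so omitting the repeated certificate costs no assurance.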
Further, other desirable features and characteristics of the present invention will become apparent from the subsequent detailed description and the appended claims, taken in conjunction with the accompanying drawings and the foregoing technical field and background.